Sponsored By

malurogo

Members
  • Content Count

    9
  • Joined

  • Last visited

Everything posted by malurogo

  1. Hi guys, Hope this find you all well and free of credit crunch and other woes. Got a problem I'm hoping someone can help me with. Both my Cd drive and DVD drive display the same message when I left click on them E or F is not accesible acees denied. Strangely enough this only happens on one of the two accounts. I recently installed an external hard drive and upgraded from Office 2003 to 2007. Not sure this has anything to do with it. Can anyone help please? Ta
  2. I have inadvertently installed what was supposed to be a simple movie add-on and my home page has been hijacked. On the Add or Remove Programs screen these two appear:IE Custom Tools,IE Safety Features and I can't remove them. Can anybody please help? These are the hijack this reports: Deckard's System Scanner v20071014.68 Run by Yoly on 2007-10-22 19:50:42 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 70: 2007-10-22 18:50:53 UTC - RP296 - Deckard's System Scanner Restore Point 69: 2007-10-22 09:43:02 UTC - RP295 - System Checkpoint 68: 2007-10-20 22:34:39 UTC - RP294 - System Checkpoint 67: 2007-10-19 21:20:43 UTC - RP293 - System Checkpoint 66: 2007-10-18 21:07:23 UTC - RP292 - System Checkpoint -- First Restore Point -- 1: 2007-08-02 18:12:49 UTC - RP227 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis (run as Yoly.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:54:03, on 22/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Video Add-on\isfmntr.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\PROGRA~1\MESSEN~1\msmsgs.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Video Add-on\isfmm.exe C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Yoly\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Yoly.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [rsy32] C:\WINDOWS\System32\rsy32.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [xvgmujwqp] c:\windows\system32\xvgmujwqp.exe xvgmujwqp O4 - HKLM\..\Run: [Picasa Media Detector] D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [FT Desktop news alerts] "C:\Program Files\FT Desktop news alerts\FTDesktopnewsalerts.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Inbox Search - tbr:iemenu O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165445224218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165447675281 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O22 - SharedTaskScheduler: bokard - {ab75cc7d-2751-4144-a278-5462d5a5884c} - C:\WINDOWS\system32\dfrep.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe O23 - Service: Windows Security Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing) -- End of file - 8932 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver> R1 StarOpen - c:\windows\system32\drivers\staropen.sys R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> R2 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~2\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security> R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~2\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security> R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~2\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~2\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> S2 Windows Security Manager - "c:\windows\system32\vcmon.exe" (file missing) S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: PCI Modem Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0 Manufacturer: Name: PCI Modem PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0 Service: -- Scheduled Tasks ------------------------------------------------------------- 2007-10-22 10:15:47 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6144042F-5447-427E-8D14-3D5A94F277F8}.job 2007-10-21 17:57:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-09-22 and 2007-10-22 ----------------------------- 2007-10-22 19:11:35 0 d-------- C:\Program Files\Video Add-on -- Find3M Report --------------------------------------------------------------- 2007-10-22 19:53:51 0 d-------- C:\Program Files\Trend Micro 2007-10-20 21:47:48 12800 --a-s---- C:\WINDOWS\system32\dfrep.dll 2007-09-28 09:28:38 0 d-------- C:\Program Files\DC++ 2007-09-15 20:45:00 0 d-------- C:\Program Files\Mordor II 2007-09-10 19:25:46 0 d-------- C:\Program Files\WildGames 2007-09-10 17:25:09 0 d-------- C:\Program Files\DevastationZoneTroopers_at 2007-09-10 16:28:37 0 d-------- C:\Program Files\The Dark Legions 2007-09-10 16:27:12 0 d-------- C:\Program Files\MrRobot 2007-09-10 16:26:27 0 d-------- C:\Program Files\Crimsonland 2007-09-10 12:27:44 61440 --a------ C:\WINDOWS\diabswun.exe 2007-09-10 12:27:44 86528 --a------ C:\WINDOWS\bnetunin.exe 2007-09-10 11:06:10 0 d-------- C:\Program Files\Virtual Villagers 2007-09-04 17:42:14 0 d-------- C:\Program Files\Takatis - A Tribute To Manfred Trenz 2007-09-03 16:28:00 276480 --a------ C:\WINDOWS\system32\tyekjvcbnm.exe 2007-09-02 11:40:48 0 d-------- C:\Program Files\MathType 2007-08-31 23:42:34 0 d-------- C:\Program Files\Realore -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}] 22/10/2007 19:40 11264 --a------ C:\Program Files\Video Add-on\isfmdl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [02/10/2003 14:37] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [02/10/2003 14:19] "rsy32"="C:\WINDOWS\System32\rsy32.exe" [] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [19/07/2005 18:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 16:14] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [08/03/2006 14:30] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 10:36] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30/09/2003 00:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [21/03/2006 13:19] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32] "NapsterShell"="C:\Program Files\Napster\napster.exe" [] "xvgmujwqp"="c:\windows\system32\xvgmujwqp.exe" [10/09/2007 09:07] "Picasa Media Detector"="D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe" [12/12/2006 01:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [06/04/2007 10:17] "FT Desktop news alerts"="C:\Program Files\FT Desktop news alerts\FTDesktopnewsalerts.exe" [] "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [13/10/2004 17:24] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [] "CrawlerMail"="c:\progra~1\inbox\cmail.exe" [] "ares"="C:\Program Files\Ares\Ares.exe" [14/05/2007 23:37] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [06/04/2007 10:17:02] TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk - C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe [09/06/2006 17:57:50] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "start"=C:\Program Files\Video Add-on\isfmntr.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{ab75cc7d-2751-4144-a278-5462d5a5884c}"= C:\WINDOWS\system32\dfrep.dll [20/10/2007 21:47 12800] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-10-22 19:54:50 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 3.06GHz Percentage of Memory in Use: 65% Physical Memory (total/avail): 510 MiB / 176.55 MiB Pagefile Memory (total/avail): 1248.8 MiB / 851.99 MiB Virtual Memory (total/avail): 2047.88 MiB / 1915.99 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 50.85 GiB total, 8.07 GiB free. D: is Fixed (NTFS) - 23.66 GiB total, 5.7 GiB free. E: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 50.85 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 23.66 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FW: Trend Micro PC-cillin Internet Security (Firewall) v14 (Trend Micro, Inc.) AV: Trend Micro PC-cillin Internet Security 2006 v14.10.1041 (Trend Micro, Inc.) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe"="C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe:*:Enabled:MinionsOfMirth" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Program Files\\Yahoo! Games\\Alien Shooter\\AlienShooter.exe"="C:\\Program Files\\Yahoo! Games\\Alien Shooter\\AlienShooter.exe:*:Disabled:AlienShooter Application" "C:\\Program Files\\Yahoo! Games\\Blackhawk Striker 2\\Blackhawk2.exe"="C:\\Program Files\\Yahoo! Games\\Blackhawk Striker 2\\Blackhawk2.exe:*:Enabled:Black Hawk Striker 2" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.594\\emule.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.594\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe"="C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe:*:Enabled:MinionsOfMirth" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Yoly\Application Data CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MARCO ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Yoly LOGONSERVER=\\MARCO NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Samsung\Samsung PC Studio 3\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Yoly\LOCALS~1\Temp TMP=C:\DOCUME~1\Yoly\LOCALS~1\Temp USERDOMAIN=MARCO USERNAME=Yoly USERPROFILE=C:\Documents and Settings\Yoly windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin) Yoly (admin) Guest (guest) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe" AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe" Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033 Caesar 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu Canon MP Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F8C6D9-5B55-486A-A322-4E8D87670031}\Setup.exe" -l0x9 -Uninstall Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP Toolbox 4.1.1.0.mp10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4669544E-20E4-4E56-8B44-2E6E1200051F}\Setup.exe" -l0x9 -Uninstall Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009 Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMule --> "C:\Program Files\eMule\Uninstall.exe" Encyclopaedia Britannica Deluxe Edition 2004 CD-ROM --> "C:\Program Files\Britannica 2004\Encyclopaedia Britannica 2004 Deluxe Edition\UninstallerData\Uninstall Encyclopaedia Britannica 2004 Deluxe Edition.exe" FATE --> "C:\Program Files\WildGames\FATE\Uninstall.exe" FinePixViewer Ver.4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE" Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B} Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IE Custom Tools --> "C:\Program Files\Video Add-on\ictun.exe" IE Safety Features --> "C:\Program Files\Video Add-on\isfun.exe" Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} Libros en pantalla de Microsoft SQL Server 2005 (español) (abril de 2006) --> MsiExec.exe /I{3E40C7A9-027C-4906-98AC-71AD0E84F143} Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9 Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750} MathType 5 --> "C:\Program Files\MathType\Setup.exe" -R Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" nFLVPlayer --> "C:\Program Files\zeraha.org\nFLVPlayer\unins000.exe" PHStat2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8928A887-1321-11D6-A1EC-C98533E76960} Picasa 2 --> "D:\new\my documents\My Downloads\Picasa2\Uninstall.exe" QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Sierra Utilities --> .\sutil32.exe uninstall Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe" Sony Ericsson PC Suite --> MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797} SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Takatis - A Tribute To Manfred Trenz --> "C:\Program Files\Takatis - A Tribute To Manfred Trenz\Uninstall Takatis - A Tribute To Manfred Trenz.exe" TalkTalk SNU5630NS/05 Wireless USB Adapter --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4622F6EA-5EB3-49A9-AE31-4A960B85F46A} Trend Micro PC-cillin Internet Security 2006 --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Safety Alert --> C:\Documents and Settings\Owner\Local Settings\Temp\laf1.exe /del WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Xenon 2000 - Project PCF --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EE3C83-725F-4EA4-891A-CD6B019FCDC1}\Setup.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type3690 / Warning Event Submitted/Written: 10/22/2007 07:40:55 PM Event ID/Source: 32068 / Microsoft Fax Event Description: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*' Event Record #/Type3689 / Warning Event Submitted/Written: 10/22/2007 07:40:55 PM Event ID/Source: 32026 / Microsoft Fax Event Description: Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed. Event Record #/Type3685 / Error Event Submitted/Written: 10/22/2007 07:39:41 PM Event ID/Source: 4609 / EventSystem Event Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. Event Record #/Type3684 / Error Event Submitted/Written: 10/22/2007 07:39:40 PM Event ID/Source: 4609 / EventSystem Event Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. Event Record #/Type3679 / Warning Event Submitted/Written: 10/22/2007 07:34:43 PM Event ID/Source: 32068 / Microsoft Fax Event Description: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*' -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type28308 / Error Event Submitted/Written: 10/22/2007 07:39:02 PM Event ID/Source: 7034 / Service Control Manager Event Description: The WebClient service terminated unexpectedly. It has done this 1 time(s). Event Record #/Type28307 / Error Event Submitted/Written: 10/22/2007 07:39:02 PM Event ID/Source: 7031 / Service Control Manager Event Description: The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Event Record #/Type28306 / Error Event Submitted/Written: 10/22/2007 07:39:02 PM Event ID/Source: 7034 / Service Control Manager Event Description: The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s). Event Record #/Type28305 / Error Event Submitted/Written: 10/22/2007 07:39:02 PM Event ID/Source: 7034 / Service Control Manager Event Description: The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). Event Record #/Type28287 / Error Event Submitted/Written: 10/22/2007 07:38:57 PM Event ID/Source: 7034 / Service Control Manager Event Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s). -- End of Deckard's System Scanner: finished at 2007-10-22 19:54:50 ------------
  3. malurogo

    Ie Custom Tools/safety Features[RESOLVED]

    Hi Sari, Things seem to be a lot better, thank yoy very much for all your help. you guys do a great job!! Take care Marco
  4. malurogo

    Ie Custom Tools/safety Features[RESOLVED]

    Hi Sari, Sorry for the delay in replying. I've followed all your instructions and attached both reports you asked for. A funny thing happened: my Antivirus programme expired and on downloading the new one, thus getting rid of the older version, things seem to have got a lot better. My homepage is not longer hijacked. Could it be that the virus was in my antivitus programme? Thanks Marco log.txt main.txt
  5. malurogo

    Ie Custom Tools/safety Features[RESOLVED]

    Hi Sari, Here are the logs you asked for: ComboFix 07-11-08.1 - Owner 2007-11-07 17:45:42.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.118 [GMT 0:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pack.epk c:\WINDOWS\system32\fxgenyl.dat c:\windows\system32\fxgenyl.exe C:\WINDOWS\system32\fxgenyl_nav.dat C:\WINDOWS\system32\fxgenyl_navps.dat C:\WINDOWS\system32\nvs2.inf C:\WINDOWS\system32\u2g.f C:\WINDOWS\system32\winiconmon.ico C:\WINDOWS\system32\winiconmon.ico.bak0 . ((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 ))))))))))))))))))))))))))))))) . 2007-11-07 17:44 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-05 13:17 <DIR> d-------- C:\Program Files\Navilog1 2007-10-28 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-25 13:09 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-25 13:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-25 13:09 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-25 13:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-25 13:09 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-24 18:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-24 18:02 3,942 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-22 18:50 <DIR> d-------- C:\Deckard 2007-10-22 18:11 <DIR> d-------- C:\Program Files\Video Add-on 2007-10-10 09:32 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-28 19:09 --------- d-----w C:\Program Files\Apple Software Update 2007-10-24 23:10 --------- d-----w C:\Program Files\QuickTime 2007-10-24 23:06 --------- d-----w C:\Program Files\iTunes 2007-10-24 22:57 --------- d-----w C:\Program Files\Ares 2007-10-24 19:50 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-24 07:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM 2007-10-22 18:53 --------- d-----w C:\Program Files\Trend Micro 2007-09-28 08:28 --------- d-----w C:\Program Files\DC++ 2007-09-15 19:45 --------- d-----w C:\Program Files\Mordor II 2007-09-11 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent 2007-09-10 18:25 --------- d-----w C:\Program Files\WildGames 2007-09-10 16:25 --------- d-----w C:\Program Files\DevastationZoneTroopers_at 2007-09-10 15:28 --------- d-----w C:\Program Files\The Dark Legions 2007-09-10 15:27 --------- d-----w C:\Program Files\MrRobot 2007-09-10 15:26 --------- d-----w C:\Program Files\Crimsonland 2007-09-10 11:27 86,528 ----a-w C:\WINDOWS\bnetunin.exe 2007-09-10 11:27 61,440 ----a-w C:\WINDOWS\diabswun.exe 2007-09-10 10:06 --------- d-----w C:\Program Files\Virtual Villagers 2007-09-03 15:28 276,480 ----a-w C:\WINDOWS\system32\tyekjvcbnm.exe 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-16 16:24 25,980,320 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2007-04-16 16:24 2,874,926 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2006-12-06 19:52 1,703 ----a-w C:\Program Files\tileb-hx.ide . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}] 2007-10-24 17:48 11264 --a------ C:\Program Files\Video Add-on\isfmdl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-22 18:11 78336] [HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-22 18:11 78336] [HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 13:37] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 13:19] "rsy32"="C:\WINDOWS\System32\rsy32.exe" [] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32] "NapsterShell"="C:\Program Files\Napster\napster.exe" [] "Picasa Media Detector"="D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe" [2006-12-12 00:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-06 09:17] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24] "ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 22:37] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-06 09:17:02] TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk - C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe [2006-06-09 16:57:50] S2 Windows Security Manager;Windows Security Manager;"C:\WINDOWS\system32\vcmon.exe" S3 CPTWGU(TalkTalk);TalkTalk SNU5630NS/05 Wireless USB Adapter(TalkTalk);C:\WINDOWS\system32\DRIVERS\CPTWGU.sys . Contents of the 'Scheduled Tasks' folder "2007-11-01 13:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-07 17:37:58 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6144042F-5447-427E-8D14-3D5A94F277F8}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-08 17:48:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-08 17:49:18 . --- E O F --- Deckard's System Scanner v20071014.68 Run by Owner on 2007-11-08 17:50:00 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:50:26, on 08/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Ares\Ares.exe C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\WINDOWS\system32\msfeedssync.exe D:\NAPO\MYDOCU~1\MYDOWN~1\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [rsy32] C:\WINDOWS\System32\rsy32.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [Picasa Media Detector] D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165445224218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165447675281 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe O23 - Service: Windows Security Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing) -- End of file - 7897 bytes -- Files created between 2007-10-08 and 2007-11-08 ----------------------------- 2007-11-05 13:17:38 0 d-------- C:\Program Files\Navilog1 2007-10-28 19:09:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-25 13:09:47 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-25 13:09:47 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2007-10-25 13:09:47 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-10-25 13:09:47 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-10-25 13:09:47 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-24 18:14:00 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-10-24 18:02:06 3942 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-24 17:43:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera 2007-10-22 18:11:35 0 d-------- C:\Program Files\Video Add-on -- Find3M Report --------------------------------------------------------------- 2007-10-28 19:09:52 0 d-------- C:\Program Files\Apple Software Update 2007-10-25 12:29:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe 2007-10-24 23:10:53 0 d-------- C:\Program Files\QuickTime 2007-10-24 23:06:39 0 d-------- C:\Program Files\Messenger 2007-10-24 23:06:15 0 d-------- C:\Program Files\iTunes 2007-10-24 22:57:06 0 d-------- C:\Program Files\Ares 2007-10-24 19:50:26 0 d-------- C:\Program Files\Common Files\Adobe 2007-10-24 07:52:45 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM 2007-10-22 18:53:51 0 d-------- C:\Program Files\Trend Micro 2007-09-28 08:28:38 0 d-------- C:\Program Files\DC++ 2007-09-15 19:45:00 0 d-------- C:\Program Files\Mordor II 2007-09-10 18:25:46 0 d-------- C:\Program Files\WildGames 2007-09-10 16:25:09 0 d-------- C:\Program Files\DevastationZoneTroopers_at 2007-09-10 15:28:37 0 d-------- C:\Program Files\The Dark Legions 2007-09-10 15:27:12 0 d-------- C:\Program Files\MrRobot 2007-09-10 15:26:27 0 d-------- C:\Program Files\Crimsonland 2007-09-10 11:27:44 61440 --a------ C:\WINDOWS\diabswun.exe 2007-09-10 11:27:44 86528 --a------ C:\WINDOWS\bnetunin.exe 2007-09-10 10:06:10 0 d-------- C:\Program Files\Virtual Villagers 2007-09-03 15:28:00 276480 --a------ C:\WINDOWS\system32\tyekjvcbnm.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}] 24/10/2007 17:48 11264 --a------ C:\Program Files\Video Add-on\isfmdl.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [22/10/2007 18:11 78336] [-HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [02/10/2003 13:37] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [02/10/2003 13:19] "rsy32"="C:\WINDOWS\System32\rsy32.exe" [] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [19/07/2005 17:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [08/03/2006 13:30] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 18:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 09:36] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [29/09/2003 23:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [21/03/2006 12:19] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 21:32] "NapsterShell"="C:\Program Files\Napster\napster.exe" [] "Picasa Media Detector"="D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe" [12/12/2006 00:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 18:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [06/04/2007 09:17] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24] "ares"="C:\Program Files\Ares\Ares.exe" [14/05/2007 22:37] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 18:16:50] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [06/04/2007 09:17:02] TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk - C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe [09/06/2006 16:57:50] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-11-08 17:50:52 ------------
  6. malurogo

    Ie Custom Tools/safety Features[RESOLVED]

    Hi Sari, Thanks very much for your patient help. Bad news I'm afraid. I've got the same problem as when I tried to run Smitfraudfix on Safe Mode; I can't do it, when I type Y to run the program nothing happens and the cursor gets still I can't move it and my only alternative as far as I can see is to reboot the computer. Another thing that may be relevant: every time I log on to my account the following message appears: "TmPfw has encountered a problem and needs to close. We are sorry for the inconvenience." This message didn't appear before the virus infected my PC. Thanks again Marco
  7. malurogo

    Ie Custom Tools/safety Features[RESOLVED]

    Yes that's what happens, I've tried again but clicking on the smitfraudfix icon directly, I press any key and the program doesn't run it gets stuck. I can't move the cursor or do anything so I have to manually switch off the computer. Marco
  8. malurogo

    Ie Custom Tools/safety Features[RESOLVED]

    hI Sari, Following your instructions I've installed the newest version of Smitfraud and tried to run it on Safe Mode but I can't do it. When I click on smitfraudfix.cmd a new window opens where it prompts me to press a key, I do this and the computer gets blocked. I can only turn it off and restart again and the same thing happens time and time again. Another thing: this virus has also hijacked my Antivirus program which I cannot access. thanks Marco
  9. malurogo

    Ie Custom Tools/safety Features[RESOLVED]

    Hi Sari and thanks for your help. I have got rid of those two buggers but my homepage remains hijacked by this website:http://asecurityassurance.com/ I've tried to change it to my usual using Internet Options but it will not allow me to do so. Another problem I have is that whenever I try to acces PDF type web pages my browser closes automatically. These are the reports you requested: SmitFraudFix v2.240 Scan done at 19:02:00.67, 24/10/2007 Run from C:\Documents and Settings\Yoly\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{ab75cc7d-2751-4144-a278-5462d5a5884c}"="bokard" [HKEY_CLASSES_ROOT\CLSID\{ab75cc7d-2751-4144-a278-5462d5a5884c}\InProcServer32] @="C:\WINDOWS\system32\dfrep.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ab75cc7d-2751-4144-a278-5462d5a5884c}\InProcServer32] @="C:\WINDOWS\system32\dfrep.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\dfrep.dll -> Hoax.Win32.Renos.gen.o C:\WINDOWS\system32\dfrep.dll -> Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{A51BBA3E-D43B-44A6-803E-41CF8BF6D43F}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A51BBA3E-D43B-44A6-803E-41CF8BF6D43F}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{A51BBA3E-D43B-44A6-803E-41CF8BF6D43F}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Incident Status Location Adware:Adware/VideoAddon Not disinfected C:\Program Files\Video Add-on\isfmdl.dll Spyware:spyware/web3000 Not disinfected c:\windows\hh.ico Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D} Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} Potentially unwanted tool:Application/InternetGameBox Not disinfected C:\Deckard\System Scanner\20071024184951\backup\WINDOWS\temp\NSIS_Install_igb.exe Potentially unwanted tool:Application/SpywareSecure Not disinfected C:\Deckard\System Scanner\20071024184951\backup\WINDOWS\temp\NSIS_SpywareSecure_trial_setup.exe Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.112.2o7.net/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.2o7.net/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.bravenet.com/] Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.cs.sexcounter.com/] Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.paycounter.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[.weborama.fr/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejlx71rq.default\cookies.txt[www.web-stat.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Potentially unwanted tool:Application/Pskill.A Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\pskill.exe Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.atdmt.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.2o7.net/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.advertising.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[hc2.humanclick.com/] Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[hc2.humanclick.com/hc/87506651] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[bilbo.counted.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.adviva.net/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.zedo.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Yoly\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\cookies.txt[.statcounter.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][3].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix\Process.exe Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix\Reboot.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix\restart.exe Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix.exe Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Yoly\Local Settings\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\Cache\51F1B901d01 Potentially unwanted tool:Application/SpywareSecure Not disinfected C:\Documents and Settings\Yoly\My Documents\My Videos\SpywareSecure_trial_setup.exe Adware:Adware/PC-Prot Not disinfected C:\Program Files\Video Add-on\ictun.exe Adware:Adware/VideoAddon Not disinfected C:\Program Files\Video Add-on\isfmm.exe Adware:Adware/VideoAddon Not disinfected C:\Program Files\Video Add-on\isfmntr.exe Adware:Adware/Trymedia Not disinfected C:\RECYCLER\S-1-5-21-1060284298-602162358-839522115-1003\Dc143.exe Adware:Adware/Trymedia Not disinfected C:\RECYCLER\S-1-5-21-1060284298-602162358-839522115-1003\Dc145.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Potentially unwanted tool:Application/Processor Not disinfected D:\NAPO\my documents\My Downloads\smitRem\Process.exe Potentially unwanted tool:Application/Processor Not disinfected D:\NAPO\my documents\My Downloads\smitRem.exe[smitRem/Process.exe] Virus:Trj/Downloader.FA Not disinfected D:\NAPO\my documents\Screensavers\Dolphins-Screensaver-v311.exe[aud-cnet9.exe] Virus:Trj/Downloader.EF Not disinfected D:\NAPO\my documents\Screensavers\Dolphins-Screensaver-v311.exe[augscrsvr.exe] Spyware:Spyware/Systemcheck Not disinfected D:\NAPO\my documents\Screensavers\Dolphins-Screensaver-v311.exe[dolphinschk.exe] Potentially unwanted tool:Application/MyWay Not disinfected D:\NAPO\my documents\Screensavers\ocean.EXE Adware:Adware/Exact.SearchBar Not disinfected D:\NAPO\my documents\Screensavers\Real-3D-Matrix.exe[data\App\4\exact.exe] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:14:44, on 25/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\PROGRA~1\MESSEN~1\msmsgs.exe C:\Program Files\Ares\Ares.exe C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [rsy32] C:\WINDOWS\System32\rsy32.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [Picasa Media Detector] D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [FT Desktop news alerts] "C:\Program Files\FT Desktop news alerts\FTDesktopnewsalerts.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Inbox Search - tbr:iemenu O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165445224218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165447675281 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe O23 - Service: Windows Security Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing) -- End of file - 8227 bytes